Sessions

10:30 am Breakout Sessions

• Lightening Track Presented by the Nebraska University Consortium of Information Assurance (NUCIA) A. J.Newmaster and Brad Haas
  
  
  • Anti-forensics - Discussion and demonstration of anti-forensics techniques used to frustrate incident response and forensics investigations, presented by A. J. Newmaster and Brad Haas

• Impact of Vista on Incident Response - Discussion and demonstration of new requirements for Vista incident response tools, presented by Dan Cotton

• Protecting VoIP Networks (Tipping Point) Kameron Klein

Voice over IP has become prevalent in today’s business and home environments due to its cost effective nature, converged infrastructure, ease of management and powerful features. This technology will become even more widespread as companies stop developing and supporting traditional TDM telephony equipment. Protecting VoIP infrastructure from threats, misuse and abuse is vital as organizations continue to expect TDM reliability and security.

• NAC (Nortel) Sathy Ganesh

Increased user mobility combined with the growing number of internal threats from legitimate users and devices creates a daunting challenge for enterprises concerned with their overall network security. Because so many threats are from internal users, it is critical that endpoint security solutions not only focus on remote endpoints but also on wired and wireless endpoints within the corporate network where there is less control over user devices.

The Nortel Secure Network Access (SNA) portfolio offers products for an endpoint security and policy-compliance solution, which is designed to inspect, assess and enforce compliance to policy, and remediate at the network endpoint source, prior to network access. This presentation will examine the challenges of NAC and the technical details of the Nortel solution.

• Law Enforcement Track (closed session) – Investigating Cyber Crime 101: Scott Christensen – Identifying and collecting digital evidence.

1:30 pm Breakout Sessions

• Supporting a Business View of Risk Management - Qualys (Tim Shaughnessy)
  

This session provides a detailed description of this disconnect that exists between the IT department and the rest of the business, an overview of key business drivers, and their relationship to the IT security department.  In addition, the use of a needs assessment and the concept of ‘just-in-time’ reporting are discussed as a ways of getting business process owners to take responsibility for business risk by elevating the discussion to business driver risk.

A fundamental disconnect exists between the IT department and the rest of the business. In a recent survey, less that 30 percent of those surveyed believe that the IT department’s risk management and governance strategy is aligned with the rest of the business. Many security professionals believe that they are responsible for the risk posture of the enterprise.  This is reinforced by the fact that as security or compliance audits are conducted, the security department is where risk information is kept and measured.  In many organizations IT provides a view of risk that is measured only by the security posture of individual hosts.  This view only has partial relevance to the rest of the business.

The things that matter to the business are revenue, profitability, performance, and reputation.  These key business goals are supported by business processes such as Quote-to-cash, Order-to-ship, or dock-to-factory floor (such is the case at Ford Motor Company).  Anything that puts business processes at risk represents risk to the business overall. 

Aligning IT security with the rest of the organization’s view of risk can represent a leap forward in maturity for both IT security and the rest of the business.

This session provides a detailed description of this disconnect an overview of key business drivers, and their relationship to the IT security department.  In addition, the use of a needs assessment and the concept of ‘just-in-time’ reporting are discussed as a ways of getting business process owners to take responsibility for business risk by elevating the discussion to business driver risk.

• A Hacking Demo – Infogressive

Members of Infogressive’s Red Team will walk through and discuss the phases of a typical targeted attack. Phases covered include discovery, enumeration, vulnerability scanning, and exploitation. Specific tools and methods will be demonstrated and explained for each phase.

• A New Era in Mainstream Cyber Threats: How to Survive – Microsoft

Emerging 21st century mainstream computer threats are more sophisticated, less likely to be noticed, and harder to prevent against than those appearing just a few years ago. There has been a paradigm shift from recognition seekers and those with a cause who were simply targeting Hosts and Network firewalls with a loud footprint to newer stealthy & sophisticated blended threats using rootkit techniques quietly seeking out the new low-hanging cyber fruit – The Applications, Data & Hardware itself in order to make a profit.

Many businesses and governments have the Network and Hosts secured with Firewalls, Intrusion Detection Systems and Antimalware defenses, but I will discuss the current threat landscape as it applies to Application Security, Hardware, and Data in light of these new or still successful methods of attack and the release of Metasploit 3.0 and hacking toolkits. Some of the topics I will cover include:

• Cross Site Scripting & SQL Injection
• Application Firewalls (Layer 7)
• Application & Database Integrated Antimalware
• 3rd party applications & utilities patch management
• Buffer Overflows & Secure coding

• SOHO Routers
• Printer Firmware
• PCI Card Viruses
• BIOS Rootkits
• Pharming / Drive-by Pharming
• VOIP Hijacking

• Data Encryption
• Rights Management (Policy Enforcement)
• Corporate & Government Espionage Threat
• Phishing / Spear Phishing
• Legislation (HIPAA, SOX, etc…)
  
• Law Enforcement Track (closed session) – Legal: Cory O'Brien from Attorney General’s Office – Applicable Statutes – Electronic – Computer Intrusion – Child Exploitation.

3:00 pm Breakout Sessions

• Law Enforcement and Security Breaches – Scott Christensen (NSP)
  This session will provide you an overview of computer forensics in addition to a step-by-step guide on securing a compromised computer for additional forensic testing.  We will look at the steps necessary to maintain chain of custody, and what can and can not be done in order to prosecute individuals with computer crimes.
  
  
• Data Leakage Prevention – FishNet Security
  The purpose of this presentation is to address what companies need to do to prepare for a DLP implementation. Companies will often by purchase a DLP solution without considering what data needs to be monitored, where the data is stored, how the data moves, and how to tie the new technology to their existing security policies and processes. The presentation will walk through the pre implementation process of evaluating a company’s IT environment and understanding how DLP needs to be tied to business and compliance processes.

• Application Vulnerability Assessments (IBM) - Steven Schmidt
  Few can argue that web applications present a significant threat of attacks for organizations. For IT Security Professionals, they also present a significant challenge. To stay ahead of malicious users and protect sensitive data, security teams need to understand how vulnerabilities in applications are first exposed and then exploited by cyber-criminals for profit.
  

  In this Seminar, you will learn about:

  
  - The importance of web application security - today's most significant online threat
  - The 3 most common web application attacks -- how they occur, and what can be done to prevent them
  - Manual versus automated approaches for scanning and identifying web application vulnerabilities

• Law Enforcement Track (closed session) – Cell Phone Forensics: Laurie John